This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch 2.6
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.6 by this push:
new 25f4b23 KAFKA-12820: Upgrade maven-artifact dependency to resolve
CVE-2021-26291
25f4b23 is described below
commit 25f4b2337d8199cd1420516c2a817d2e0d878cb4
Author: Lee Dongjin <[email protected]>
AuthorDate: Fri May 21 16:07:07 2021 +0900
KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291
CVE-2021-26291, which makes Man-In-The-Middle-Attack possible, was fixed in
maven 3.8.1.
Reviewers: Luke Chen <[email protected]>, Manikumar Reddy
<[email protected]>
---
gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 37bcdb5..64d76e6 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -94,7 +94,7 @@ versions += [
kafka_25: "2.5.1",
kafka_26: "2.6.2",
lz4: "1.7.1",
- mavenArtifact: "3.6.3",
+ mavenArtifact: "3.8.1",
metrics: "2.2.0",
mockito: "3.3.3",
netty: "4.1.59.Final",
